CVE-2009-0586 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Vendor	Product	Version
gstreamer_project	gstreamer	𝑥 < 0.10.23
canonical	ubuntu_linux	8.10

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

gst-plugins-base0.10

intrepid	Fixed 0.10.21-3ubuntu0.1 released
hardy	not-affected
gutsy	not-affected
dapper	not-affected

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html

http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff

http://openwall.com/lists/oss-security/2009/03/12/2

http://secunia.com/advisories/34335

http://secunia.com/advisories/34350

http://secunia.com/advisories/35777

http://security.gentoo.org/glsa/glsa-200907-11.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2009:085

http://www.ocert.org/advisories/ocert-2008-015.html

http://www.securityfocus.com/archive/1/501712/100/0/threaded

http://www.securityfocus.com/bid/34100

http://www.ubuntu.com/usn/USN-735-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/49274

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694

http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html

http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff

http://openwall.com/lists/oss-security/2009/03/12/2

http://secunia.com/advisories/34335

http://secunia.com/advisories/34350

http://secunia.com/advisories/35777

http://security.gentoo.org/glsa/glsa-200907-11.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2009:085

http://www.ocert.org/advisories/ocert-2008-015.html

http://www.securityfocus.com/archive/1/501712/100/0/threaded

http://www.securityfocus.com/bid/34100

http://www.ubuntu.com/usn/USN-735-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/49274

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694